nixos-config/flake.nix
2022-09-29 12:36:36 +02:00

230 lines
6.6 KiB
Nix

{
description = "my krops file";
inputs = {
secrets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
flake = false;
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
krops = {
url = "github:Mic92/krops";
inputs.nixpkgs.follows = "nixpkgs";
};
# colmena
# -------
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
sops-nix.url = "github:Mic92/sops-nix";
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
flake = false;
};
doom-emacs-nix = {
url = "github:nix-community/nix-doom-emacs";
inputs.nixpkgs.follows = "nixpkgs";
#inputs.emacs-overlay.follows = "emacs-overlay";
};
home-manager = {
url = "github:nix-community/home-manager/release-21.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-utils = {
url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager";
};
cluster-module = {
url = "github:mrvandalo/module.cluster";
};
nixpkgs-fmt = {
url = "github:nix-community/nixpkgs-fmt";
inputs.nixpkgs.follows = "nixpkgs";
};
grocy-scanner = {
url = "github:mrVanDalo/grocy-scanner";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = false;
};
retiolum = {
url = "github:krebs/retiolum";
flake = false;
};
};
outputs =
{ self
, cluster-module
, colmena
, doom-emacs-nix
, emacs-overlay
, grocy-scanner
, home-manager
, home-manager-utils
, krops
, nixpkgs
, nixpkgs-fmt
, nixpkgs-unstable
, polygon-art
, private_assets
, secrets
, sops-nix
, retiolum
}:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
writeCommand = krops.packages.${system}.writeCommand;
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
# collect all network configurations and save them in the store
sudo ls /etc/NetworkManager/system-connections \
| while read file
do
sudo cat "/etc/NetworkManager/system-connections/$file" \
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
done
'';
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
echo "push network passwords to $1"
'';
in
{
# colmena
devShell.${system} =
pkgs.mkShell {
buildInputs = [
colmena.packages.${system}.colmena
pushNetworkPasswords
pullNetworkPasswords
nixpkgs-fmt.defaultPackage.${system}
];
};
colmena =
let
sopsModule = name: { lib, ... }: {
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
imports = [
sops-nix.nixosModules.sops
];
};
in
{
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [
(_self: _super: {
# we assign the overlay created before to the overlays of nixpkgs.
unstable = nixpkgs-unstable.legacyPackages.${pkgs.system};
polygon-art = polygon-art.packages.${pkgs.system};
})
];
};
specialArgs = {
inherit private_assets retiolum;
};
};
defaults = { name, pkgs, ... }: {
deployment.buildOnTarget = true;
nix = {
# no channesl needed this way
nixPath = [ "nixpkgs=${pkgs.path}" ];
# make flakes available
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
environment.systemPackages = [
nixpkgs-fmt.defaultPackage.${system}
colmena.packages.${system}.colmena
];
imports = [
./nixos/machines/${name}/configuration.nix
cluster-module.nixosModules.tinc
(sopsModule name)
home-manager.nixosModules.home-manager
];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
};
sterni = { name, nodes, pkgs, ... }: {
deployment.allowLocalDeployment = true;
deployment.targetHost = "${name}.private";
deployment.tags = [ "desktop" "online" "private" ];
imports = [
grocy-scanner.nixosModule
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
};
sternchen = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.secret";
deployment.tags = [ "desktop" ];
imports = [
grocy-scanner.nixosModule
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
programs.doom-emacs.enable = false;
};
};
pepe = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ];
imports = [
grocy-scanner.nixosModule
];
};
robi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}";
deployment.tags = [ "server" "online" "private" ];
imports = [ ];
};
mobi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "desktop" "usb" "private" ];
imports = [
grocy-scanner.nixosModule
];
home-manager.users.mainUser = {
imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
};
};
};
};
}